CVE-2025-6948
BaseFortify
Publication date: 2025-07-10
Last updated on: 2025-07-25
Assigner: GitLab Inc.
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| gitlab | gitlab | From 17.11.0 (inc) to 17.11.6 (exc) |
| gitlab | gitlab | From 18.0.0 (inc) to 18.0.4 (exc) |
| gitlab | gitlab | From 18.1.0 (inc) to 18.1.2 (exc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in GitLab CE/EE versions before 17.11.6, 18.0.4, and 18.1.2 allows an attacker, under certain conditions, to execute actions on behalf of other users by injecting malicious content that is rendered in their browser (cross-site scripting, CWE-79).
How can this vulnerability impact me?
An attacker exploiting this vulnerability could perform actions as if they were legitimate users, potentially leading to unauthorized changes or access within the affected GitLab instance.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, update GitLab CE/EE to version 17.11.6 or later, 18.0.4 or later, or 18.1.2 or later (on the corresponding release branch), as these versions contain the fix for this issue.